From 96576757552f1b0ce002df3e904419b7bfca62f8 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Tue, 12 Jul 2016 11:30:22 -0700
Subject: Plumbing through trusted path stuff to OneService.
---
 node/IncomingPacket.cpp | 10 ++++++----
 node/Node.cpp | 1 +
 2 files changed, 7 insertions(+), 4 deletions(-)
(limited to 'node')
diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp
index fb4562ab..6e1eb493 100644
--- a/node/IncomingPacket.cpp
+++ b/node/IncomingPacket.cpp
@@ -43,6 +43,8 @@ namespace ZeroTier {
 bool IncomingPacket::tryDecode(const RuntimeEnvironment *RR,bool deferred)
 {
 try {
+ const Address sourceAddress(source());
+
 // Check for trusted paths or unencrypted HELLOs (HELLO is the only packet sent in the clear)
 const unsigned int c = cipher();
 bool trusted = false;
@@ -52,8 +54,9 @@ bool IncomingPacket::tryDecode(const RuntimeEnvironment *RR,bool deferred)
 // packets are dropped on the floor.
 if (RR->topology->shouldInboundPathBeTrusted(_remoteAddress,trustedPathId())) {
 trusted = true;
+ printf("TRUSTED PATH packet from %s(%s), trusted path ID %llx\n",sourceAddress.toString().c_str(),_remoteAddress.toString().c_str(),trustedPathId());
 } else {
- TRACE("dropped packet from %s(%s), cipher set to trusted path mode but path %.16llx@%s is not trusted!",peer->address().toString().c_str(),_remoteAddress.toString().c_str(),trustedPathId(),_remoteAddress.toString().c_str());
+ TRACE("dropped packet from %s(%s), cipher set to trusted path mode but path %llx@%s is not trusted!",sourceAddress.toString().c_str(),_remoteAddress.toString().c_str(),trustedPathId(),_remoteAddress.toString().c_str());
 return true;
 }
 } else if ((c == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_NONE)&&(verb() == Packet::VERB_HELLO)) {
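Review bot: The hoisted `sourceAddress` at the top of the `try` block carries no comment saying that it is read before any authentication has happened. The `if (!trusted)` guard around `dearmor()` further down in this patch means a packet accepted on a trusted path never has that address checked by MAC, so every later use of it in that case rests on the sender's claim alone. I would add a comment above the declaration, for example `// Unauthenticated: read before any MAC check, and never MAC-verified when the packet arrives on a trusted path`. The body of tryDecode() continues outside this hunk, so not all later uses of the value are visible here.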
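Review bot: The added `printf("TRUSTED PATH packet from ...")` in the trusted branch writes to stdout unconditionally for every packet accepted on a trusted path, while every other message visible in this patch goes through `TRACE`. Its volume is driven by whoever sends on that path, and it bypasses whatever switch the build uses to turn trace output off. I would route it through the same macro: `TRACE("TRUSTED PATH packet from %s(%s), trusted path ID %llx",sourceAddress.toString().c_str(),_remoteAddress.toString().c_str(),(unsigned long long)trustedPathId());`. The cast is only needed if trustedPathId() returns a fixed-width 64-bit type, which this hunk does not show; if it does, the rewritten `%llx` in the `TRACE` below needs the same cast.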
@@ -71,18 +74,17 @@ bool IncomingPacket::tryDecode(const RuntimeEnvironment *RR,bool deferred)
 }
 }
- const Address sourceAddress(source());
 SharedPtr peer(RR->topology->getPeer(sourceAddress));
 if (peer) {
 if (!trusted) {
 if (!dearmor(peer->key())) {
- TRACE("dropped packet from %s(%s), MAC authentication failed (size: %u)",peer->address().toString().c_str(),_remoteAddress.toString().c_str(),size());
+ TRACE("dropped packet from %s(%s), MAC authentication failed (size: %u)",sourceAddress.toString().c_str(),_remoteAddress.toString().c_str(),size());
 return true;
 }
 }
 if (!uncompress()) {
- TRACE("dropped packet from %s(%s), compressed data invalid",peer->address().toString().c_str(),_remoteAddress.toString().c_str());
+ TRACE("dropped packet from %s(%s), compressed data invalid",sourceAddress.toString().c_str(),_remoteAddress.toString().c_str());
 return true;
 }
diff --git a/node/Node.cpp b/node/Node.cpp
index 058df32d..13085028 100644
--- a/node/Node.cpp
+++ b/node/Node.cpp
@@ -447,6 +447,7 @@ ZT_PeerList *Node::peers() const
 p->paths[p->pathCount].lastReceive = path->lastReceived();
 p->paths[p->pathCount].active = path->active(_now) ? 1 : 0;
 p->paths[p->pathCount].preferred = ((bestPath)&&(*path == *bestPath)) ? 1 : 0;
+ p->paths[p->pathCount].trustedPathId = RR->topology->getOutboundPathTrust(path->address());
 ++p->pathCount;
 }
 }
-- 
cgit v1.2.3
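Review bot: The new `trustedPathId` field is filled from `getOutboundPathTrust(path->address())`, so it reports the outbound trust configured for that address, and nothing at the assignment says so. Acceptance of incoming packets is decided separately by `shouldInboundPathBeTrusted()` in IncomingPacket.cpp. A consumer of the peer list that reads the field as "this path is trusted in both directions" could misjudge which traffic skips MAC authentication. I would add a comment such as `// Outbound trust ID for this physical address; inbound trust is checked per packet and may differ`, and document which value means "not trusted", since that is not visible here. The loop containing the assignment starts outside the hunk.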